Andy Coates
2018-Sep-03 02:36 UTC
[Gluster-users] /var/run/glusterd.socket permissions for non-root geo-replication (4.1.3)
Hi all, We're investigating geo-replication and noticed that when using non-root geo-replication, the sync user cannot access various gluster commands, e.g. one of the session commands ends up running this on the slave: Popen: command returned error cmd=/usr/sbin/gluster --remote-host=localhost system:: mount geosync user-map-root=geosync aux-gfid-mount acl log-level=INFO log-file=/var/log/glusterfs/geo-replication-slaves/snip/snip.log volfile-server=localhost volfile-id=shared client-pid=-1 error=1 Popen: /usr/sbin/gluster> 2 : failed with this errno (No such file or directory) The underlying cause of this is the gluster command not being able to write to the socket file /var/run/glusterd.socket - if I change the group to my geo-replication group and add group write, the command succeeds and geo-replication becomes active. The problem is every time the server/service restarts it comes back up as root:root srwxr-xr-x. 1 root root 0 Sep 3 02:17 /var/run/glusterd.socket So a couple of questions: 1) Should the geo-replication non-root user be able to do what it needs without changing those permissions? 2) If it does need write permission, is there a config option to tell the service to set the correct permissions on the file when it starts so that the non-root user can write to it? Thanks. Andy -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.gluster.org/pipermail/gluster-users/attachments/20180903/c5490f81/attachment.html>